Constraint Handling Rules (CHR) are a committed-choice declarative language which has been designed for writing constraint solvers. A CHR program consists of multi-headed guarded rules which allow one to rewrite constraints into simpler ones until a solved form is reached.

CHR has received considerable attention, both from the practical and from the theoretical side. Nevertheless, due to the use of multi-headed clauses, there are several aspects of the CHR semantics which have not been clarified yet. In particular, no compositional semantics for CHR has been defined so far.

In this paper we introduce a fix-point semantics which characterizes the input/output behavior of a CHR program and which is and-compositional, that is, which allows one to retrieve the semantics of a conjunctive query from the semantics of its components. Such a semantics can be used as a basis to define incremental and modular analysis and verification tools.

Categories and Subject Descriptors: D.3.1 [Programming Languages]: Formal Definitions and Theory — Semantics; D.3.3 [Programming Languages]: Language Constructs and Features — Constraints

General Terms: Languages, Theory, Semantics

Author's address:

Maurizio Gabbrielli, Dipartimento di Scienze dell'Informazione, Mura A. Zamboni 7, 40127 Bologna, Italy, gabbri@cs.unibo.it.

Maria Chiara Meo, Dipartimento di Scienze, Viale Pindaro 42, 65127 Pescara, Italy, cmeo@unich.it.

1. INTRODUCTION

Constraint Handling Rules (CHR) ^2^] are a committed-choice declarative language which has been specifically designed for writing constraint solvers. The first constraint logic languages used mainly built-in constraint solvers designed by following a "black box" approach. This made it hard to modify, debug, and analyze a specific solver. Moreover, it was very difficult to adapt an existing solver to the needs of some specific application, and this was soon recognized as a serious limitation since often practical applications involve application specific constraints.

By using CHR one can easily introduce specific user-defined constraints and the related solver into a host language. In fact, a CHR program consists of (a set of) multi-headed guarded simplification and propagation rules which are specifically designed to implement the two most important operations involved in the constraint solving process: Simplification rules allow one to replace constraints by simpler ones, while preserving their meaning. Propagation rules are used to add new redundant constraints which do not modify the meaning of the given constraint and which can be useful for further reductions. It is worth noting that the presence of multiple
heads in CHR is an essential feature which is needed in order to define reasonably 
expressive constraint solvers (see the discussion in [12]). However, such a feature,
which differentiates this proposal from many existing committed choice logic languages,
complicates considerably the semantics of CHR; in particular, it makes it very
difficult to obtain a compositional semantics, as we argue below. This is unfortunate,
as compositionality is a highly desirable property for a semantics. In fact, a
compositional semantics provides the basis to define incremental and modular tools
for software analysis and verification, and these features are essential in order to
deal with partially defined components. Moreover, in some cases, modularity allows
one to reduce the complexity of verification of large systems by considering separately
smaller components.

In this paper we introduce a fix-point semantics for CHR which characterizes the
input/output behavior of a program and which is and-compositional, that is, which
allows one to retrieve the semantics of a conjunctive query from the semantics of its
components.

In general, due to the presence of synchronization mechanisms, the input/output
semantics is not compositional for committed choice logic languages and for most
concurrent languages in general. Indeed, the need for more complicated semantic
structures based on traces was recognized very early as a necessary condition to
obtain a compositional model, first for dataflow languages and then in the
case of many other paradigms, including imperative concurrent languages [H] and
concurrent constraint and logic languages ^6^.

When considering CHR this basic problem is further complicated: due to the
presence of multiple heads, the traces consisting of sequences of input/output pairs,
analogous to those used in the above mentioned works, are not sufficient to obtain a
compositional semantics. Intuitively the problem can be stated as follows. A CHR
rule $r @ h, g \Leftrightarrow C \mid B$ cannot be used to rewrite a goal h, no matter how the variables
are constrained (that is, for any input constraint), because the goal consists of a
single atom h while the head of the rule contains two atoms h, g. Therefore, if we
considered a semantics based on input/output traces, we would obtain the empty
denotation for the goal h in the program consisting of the rule r plus some rules
defining B. Analogously for the goal g. On the other hand, the rule r can be used
to rewrite the goal h, g. Therefore, provided that the semantics of B is not empty,
the semantics of h, g is not empty and cannot be derived from the semantics of h
and g, that is, the semantics is not compositional. It is worth noting that even
restricting to a simpler notion of observable, such as the results of terminating
computations, does not simplify this problem. In fact, differently from the case
of ccp (concurrent constraint programming) languages, also the semantics based
on these observables (usually called resting points) is not compositional for CHR.
We have then to use some additional information which allows us to describe the
behavior of goals in any possible and-composition without, of course, considering
explicitly all the possible and-compositions.

Our solution to obtain a compositional model is to use an augmented semantics 
based on traces which includes at each step two "assumptions" on the external 
environment and two "outputs" of the current process: Similarly to the case of the 
models for ccp, the first assumption is made on the constraints appearing in the 
guards of the rules, in order to ensure that these are satisfied and the computation
can proceed. The second assumption is specific to our approach and contains atoms 
which can appear in the heads of rules. This allows us to rewrite a goal G by 
using a rule whose head H properly contains G: While this is not possible with the 
standard CHR semantics, we allow that by assuming that the external environment 
provides the "difference" H minus G and by memorizing such an assumption. The 
first output element is the constraint produced by the process, as usual. We also 
memorize at each step a second output element, consisting of those atoms which 
are not rewritten in the current derivation and which could be used to satisfy some 
assumptions (of the second type) when composing sequences representing different 
computations. Thus our model is based on sequences of quadruples, rather than of 
simple input/output pairs.

Our compositional semantics is obtained by a fixpoint construction which uses
an enhanced transition system implementing the rules for assumptions described
above. We prove the correctness of the semantics w.r.t. a notion of observables
which characterizes the input/output behavior of terminating computations where
the original goal has been completely reduced to built-in constraints. We will discuss
later the extensions needed in order to characterize different notions of results, such
as the "qualified answers" used in [T^ .

The remainder of this paper is organized as follows. The next section introduces some
preliminaries about CHR and its operational semantics. Section 3 contains the definition
of the compositional semantics, while Section 4 presents the compositionality
and correctness results. Section 5 discusses briefly a possible extension of this work
while Section 6 concludes by indicating directions for future work.

2. PRELIMINARIES 

In this section we first introduce some preliminary notions and then define the CHR 
syntax and operational semantics. Even though we try to provide a self-contained 
exposition, some familiarity with constraint logic languages and first order logic 
could be useful. 

We first need to distinguish the constraints handled by an existing solver, called
built-in (or predefined) constraints, from those defined by the CHR program, user-defined
(or CHR) constraints. An atomic constraint is a first-order predicate
(atomic formula). By assuming to use two disjoint sorts of predicate symbols we
then distinguish built-in atomic constraints from CHR atomic constraints. A built-in
constraint c is defined by

$$c ::= a \mid c \wedge c \mid \exists_x c$$

where a is an atomic built-in constraint¹. For built-in constraints we assume
given a theory CT which describes their meaning.

On the other hand, according to the usual CHR syntax, we assume that a user-defined
constraint is a conjunction of atomic user-defined constraints. We use c, d to
denote built-in constraints, h, k to denote CHR constraints and a, b to denote both
built-in and user-defined constraints (we will call these generically constraints). The
capital versions of these notations will be used to denote multisets of constraints.
Furthermore we denote by $\mathcal{U}$ the set of user-defined constraints and by $\mathcal{B}$ the set of
built-in constraints.

¹ We could consider more generally first order formulas as built-in constraints, as far as the results
presented here are concerned.

We will often use "," rather than $\wedge$ to denote conjunction and we will often
consider a conjunction of atomic constraints as a multiset of atomic constraints. In
particular, we will use this notation based on multisets in the syntax of CHR. The
notation $\exists_{-V}\phi$, where V is a set of variables, denotes the existential closure of a
formula $\phi$ with the exception of the variables V which remain unquantified. $Fv(\phi)$
denotes the free variables appearing in $\phi$ and we denote by $\cdot$ the concatenation
of sequences and by $\varepsilon$ the empty sequence. Furthermore $\uplus$ denotes the multi-set
union, while we consider $\setminus$ as an overloaded operator used both for set and multi-set
difference (the meaning depends on the type of the arguments).

We are now ready to introduce the CHR syntax as defined in [12].

Definition 2.1. [Syntax] A CHR simplification rule has the form 

while a CHR propagation rule has the form 

$$r @ H \Rightarrow C \mid B,$$

where r is a unique identifier of a rule, H is a multiset of user-defined constraints, C
is a multiset of built-in constraints and B is a possibly empty multi-set of (built-in
and user-defined) constraints². A CHR program is a finite set of CHR simplification
and propagation rules.

We prefer to use multisets rather than sequences (as in the original CHR papers) 
since multisets appear to correspond more precisely to the nature of CHR rules. 
Moreover in this paper we will not use the identifiers of the rules, which will then 
be omitted. 

A CHR goal is a multiset of (both user-defined and built-in) constraints. Goals is
the set of all goals.

We describe now the operational semantics of CHR as provided by ^21 by using
a transition system $T_s = (Conf_s, \rightarrow_s)$ (s here stands for "standard", as opposed
to the semantics we will use later). Configurations in $Conf_s$ are triples of the form
$\langle G, K, d \rangle$ where G are the constraints that remain to be solved, K are the user-defined
constraints that have been accumulated and d are the built-in constraints
that have been simplified³.

An initial configuration has the form

$$\langle G, \emptyset, \emptyset \rangle$$

and consists of a goal G, an empty user-defined constraint and an empty built-in
constraint.

A final configuration has either the form

$$\langle G, K, \mathit{false} \rangle,$$

when it is failed, i.e. when it contains an inconsistent built-in constraint store
represented by the unsatisfiable constraint false, or has the form

$$\langle \emptyset, K, d \rangle$$

when it is successfully terminated since there are no applicable rules.

² Some papers consider also simpagation rules. Since these are abbreviations for propagation and
simplification rules we do not need to introduce them.

³ In El triples of the form $\langle G, K, d \rangle_V$ were used, where the annotation V, which is not changed
by the transition rules, is used to distinguish the variables appearing in the initial goal from the
variables which are introduced by the rules. We can avoid such an indexing by explicitly referring
to the original goal.

Table I. The standard transition system for CHR

Solve: $$\frac{CT \models c \wedge d \leftrightarrow d' \text{ and } c \text{ is a built-in constraint}}{\langle (c, G), K, d \rangle \rightarrow_s \langle G, K, d' \rangle}$$

Introduce: $$\frac{h \text{ is a user-defined constraint}}{\langle (h, G), K, d \rangle \rightarrow_s \langle G, (h, K), d \rangle}$$

Simplify: $$\frac{H \Leftrightarrow C \mid B \in P \quad x = Fv(H) \quad CT \models d \rightarrow \exists_x((H = H') \wedge C)}{\langle G, H' \wedge K, d \rangle \rightarrow_s \langle B \wedge G, K, H = H' \wedge d \rangle}$$

Propagate: $$\frac{H \Rightarrow C \mid B \in P \quad x = Fv(H) \quad CT \models d \rightarrow \exists_x((H = H') \wedge C)}{\langle G, H' \wedge K, d \rangle \rightarrow_s \langle B \wedge G, H' \wedge K, H = H' \wedge d \rangle}$$

Given a program P, the transition relation $\rightarrow_s \subseteq Conf_s \times Conf_s$ is the least
relation satisfying the rules in Table I (for the sake of simplicity, we omit indexing
the relation with the name of the program). The Solve transition allows one to update
the constraint store by taking into account a built-in constraint contained in the
goal. Without loss of generality, we will assume that $Fv(d') \subseteq Fv(c) \cup Fv(d)$.
The Introduce transition is used to move a user-defined constraint from the goal
to the CHR constraint store, where it can be handled by applying CHR rules.
The transitions Simplify and Propagate allow one to rewrite user-defined constraints
(which are in the CHR constraint store) by using rules from the program. As usual,
in order to avoid variable name clashes, both these transitions assume that clauses
from the program are renamed apart, that is, assume that all variables appearing
in a program clause are fresh ones. Both the Simplify and Propagate transitions
are applicable when the current store (d) is strong enough to entail the guard of
the rule (C), once the parameter passing has been performed (this is expressed by
the equation $H = H'$). Note that, due to the existential quantification over the
variables x appearing in H, in such a parameter passing the information flow is
from the actual parameters (in $H'$) to the formal parameters (in H), that is, it
is required that the constraints $H'$ which have to be rewritten are an instance of
the head H. When applied, both these transitions add the body B of the rule
to the current goal and the equation $H = H'$, expressing the parameter passing
mechanism, to the built-in constraint store. The difference between Simplify and
Propagate is in the fact that while the former transition removes the constraints
$H'$ which have been rewritten from the CHR constraint store, this is not the case
for the latter.

Given a goal G, the operational semantics that we consider observes the final
stores of computations terminating with an empty goal and an empty user-defined
constraint. We call these observables data sufficient answers following the
terminology of [T^ .

Definition 2.2. [Data sufficient answers] Let P be a program and let G be a goal.
The set $SA_P(G)$ of data sufficient answers for the query G in the program P is
defined as follows

$$SA_P(G) = \{ \langle \exists_{-Fv(G)} d \rangle \mid \langle G, \emptyset, \emptyset \rangle \rightarrow_s^* \langle \emptyset, \emptyset, d \rangle \not\rightarrow_s \} \;\cup\; \{ \langle \mathit{false} \rangle \mid \langle G, \emptyset, \emptyset \rangle \rightarrow_s^* \langle G', K, \mathit{false} \rangle \}.$$

In it is also considered the following different notion of answer, obtained by 
computations terminating with a user-defined constraint which does not need to be 
empty. 

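Definition 2.3. [Qualified answers] Let P be a program and let G be a goal. The
set $QA_P(G)$ of qualified answers for the query G in the program P is defined as
follows

$$QA_P(G) = \{ \langle \exists_{-Fv(G)} K \wedge d \rangle \mid \langle G, \emptyset, \emptyset \rangle \rightarrow_s^* \langle \emptyset, K, d \rangle \not\rightarrow_s \} \;\cup\; \{ \langle \mathit{false} \rangle \mid \langle G, \emptyset, \emptyset \rangle \rightarrow_s^* \langle G', K, \mathit{false} \rangle \}.$$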

We discuss in Section the extensions needed to characterize also qualified an- 
swers. Note that both previous notions of observables characterize an input/output 
behavior, since the input constraint is implicitly considered in the goal. 

In the remainder of this paper we will consider only simplification rules since
propagation rules can be mimicked by simplification rules, as far as the results
contained in this paper are concerned.

Note that in presence of propagation rules the "naive" operational semantics
that we consider in this paper introduces redundant infinite computations: since
propagation rules do not remove user-defined constraints (see rule Propagate in
Table I), when a propagation rule is applied it introduces an infinite computation
(obtained by subsequent applications of the same rule). Note however that this
does not imply that in presence of an active propagation rule the semantics that
we consider are empty. In fact, the application of a simplification rule after a
propagation rule can cause the termination of the computation, by removing the
atoms which are needed by the head of the propagation rule. It is also possible to
define a more refined operational semantics (see P and ^O]) which avoids these
infinite computations by allowing a propagation rule to be applied at most once to
the same constraints. We discuss in Section 5 the modifications needed in our
construction to take into account this more refined semantics.



A compositional Semantics for CHR 






3. A COMPOSITIONAL TRACE SEMANTICS 

Given a program P, we say that a semantics $S_P$ is and-compositional if $S_P(A, B) = C(S_P(A), S_P(B))$
for a suitable composition operator C which does not depend on
the program P. As mentioned in the introduction, due to the presence of multiple
heads in CHR, the semantics which associates to a program P the function $SA_P$
is not and-compositional, since goals which have the same input/output behavior
can behave differently when composed with other goals. Consider for example the
program P consisting of the single rule

$$g, h \Leftrightarrow \mathit{true} \mid c$$

(where c is a built-in constraint). According to Definition 2.3 we have that $SA_P(g) = SA_P(k) = \emptyset$, while

$$SA_P(g, h) = \{ \langle \exists_{-Fv(g,h)} c \rangle \} \neq \emptyset = SA_P(k, h).$$

An analogous example can be made to show that also the semantics QA is not
and-compositional.

The problem exemplified above is different from the classic problem of concurrent 
languages where the interaction of non-determinism and synchronization makes the 
input/output observables non-compositional. For this reason, considering simply 
sequences of (input-output) built-in constraints is not sufficient to obtain a com- 
positional semantics for CHR. We have to use some additional information which 
allows us to describe the behavior of goals in any possible and-composition without, 
of course, considering explicitly all the possible and-compositions. 

The basic idea of our approach is to collect in the semantics also the "missing" 
parts of heads which are needed in order to proceed with the computation. For 
example, when considering the program P above, we should be able to state that 
the goal g produces the constraint c, provided that the external environment (i.e. 
a conjunctive goal) contains the user-defined constraint h. In other words, h is an 
assumption which is made in the semantics describing the computation of g. When 
composing (by using a suitable notion of composition) such a semantics with that 
one of a goal which contains h we can verify that the "assumption" h is satisfied 
and therefore obtain the correct semantics for g, h. In order to model correctly the 
interaction of different processes we have to use sequences, analogously to what 
happens with other concurrent paradigms. 
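
The one-rule program above, worked through in Python as an added example (not code from the paper): `sa` follows the standard transitions and yields the empty set for g and for h alone, `traces` applies the assumption-labelled rewriting just described, and `compose` discharges each goal's assumptions against the atoms the other goal left unrewritten. It assumes a ground (variable-free) fragment, built-in entailment as set inclusion, an environment that adds no built-in constraints, and derivations collapsed to summaries rather than sequences; all function names are hypothetical and `compose` is a simplified stand-in for the composition operator defined later in the paper.

```python
from collections import Counter
from itertools import product

# Constructed ground program from the text: the single rule  g, h <=> true | c.
# A rule is (head, guard, body_user, body_builtin). Built-ins are plain atoms and
# CT |= d -> guard is approximated by set inclusion (assumption of this example).
RULES = [(Counter(["g", "h"]), frozenset(), Counter(), frozenset(["c"]))]


def included(small, big):
    """Multiset inclusion: every atom of `small` occurs at least as often in `big`."""
    return all(big[a] >= n for a, n in small.items())


def freeze(ms):
    """Hashable form of a multiset (a Counter without zero counts)."""
    return frozenset(ms.items())


def sa(goal, rules=RULES, fuel=20):
    """SA_P(goal): final stores of derivations that end with no user-defined atom.
    Failure (store = false) is not modelled; `fuel` bounds the derivation length."""
    answers = set()

    def run(atoms, store, fuel):
        steps = [(atoms - head + body, store | out)
                 for head, guard, body, out in rules
                 if included(head, atoms) and guard <= store]
        if not steps and not atoms:
            answers.add(store)
        if fuel:
            for next_atoms, next_store in steps:
                run(next_atoms, next_store, fuel - 1)

    run(Counter(goal), frozenset(), fuel)
    return answers


def parts(head, atoms):
    """Non-empty sub-multisets G of `head` present in `atoms`; K = head - G is assumed."""
    names = sorted(head)
    for counts in product(*(range(min(head[a], atoms[a]) + 1) for a in names)):
        part = Counter({a: n for a, n in zip(names, counts) if n})
        if part:
            yield part


def traces(goal, rules=RULES, fuel=20):
    """Summaries (assumptions K, atoms left at the end, final store) of derivations
    in which a rule may fire on part of its head, the rest being assumed."""
    out = set()

    def run(atoms, store, assumed, fuel):
        out.add((freeze(assumed), freeze(atoms), store))  # a sequence may end here
        if not fuel:
            return
        for head, guard, body, built in rules:
            if guard <= store:
                for part in parts(head, atoms):
                    run(atoms - part + body, store | built,
                        assumed + (head - part), fuel - 1)

    run(Counter(goal), frozenset(), Counter(), fuel)
    return out


def compose(ta, tb):
    """Stores of paired summaries in which each side's assumptions are exactly the
    atoms the other side left unrewritten, so no assumption and no atom remains."""
    return {store_a | store_b
            for ka, left_a, store_a in ta
            for kb, left_b, store_b in tb
            if ka == left_b and kb == left_a}
```
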

This idea is developed by defining a new transition system which implements 
this mechanism based on assumptions for dealing with the missing parts of heads. 
The new transition system allows one to generate the sequences appearing in the 
compositional model by using a standard fix-point construction. As a first step 
in our construction we modify the notion of configuration used before: Since we 
do not need to distinguish user-defined constraints which appear in the goal from 
the user-defined constraints which have been already considered for reduction, we 
merge the first and the second components of previous triples. Thus we no longer
need the Introduce rule. On the other hand, we need the information on the new
assumptions, which is added as a label of the transitions.

Thus we define a transition system $T = (Conf, \rightarrow_P)$ where configurations in
Conf are pairs: the first component is a multiset of indexed atoms (the goal)
and the second one is a built-in constraint (the store). Indexes are associated
to atoms in order to denote the point in the derivation where they have been
introduced. Atoms in the original goals are indexed by 0, while atoms introduced
at the i-th derivation step are indexed by i. Given a program P, the transition
relation $\rightarrow_P \subseteq Conf \times Conf \times \wp(\mathcal{U})$ is the least relation satisfying the rules in
Table II (where $\wp(A)$ denotes the set consisting of all the subsets of A). Note
that we consider only Solve and Simplify rules, as the other rules as previously
mentioned are redundant in this context. Solve' is the same rule as before, while
the Simplify' rule is modified to consider assumptions: when reducing a goal G by
using a rule having head H, the multiset of assumptions $K = H \setminus G$ (with $H \neq K$)
is used to label the transition ($\setminus$ here denotes multiset difference). Indexes allow us
to distinguish different occurrences of the same atom which have been introduced
in different derivation steps. We will use the notation $G^i$ to indicate that all the
atoms in G are indexed by i.

Table II. The transition system for the compositional semantics

Solve': $$\frac{CT \models c \wedge d \leftrightarrow d'}{\langle c \wedge G, d \rangle \rightarrow_P^{\emptyset} \langle G, d' \rangle}$$

Simplify': $$\frac{H \Leftrightarrow C \mid B \in P \quad x = Fv(H) \quad G \neq \emptyset \quad CT \models d \rightarrow \exists_x((H = (G, K)) \wedge C)}{\langle G \wedge A, d \rangle \rightarrow_P^{K} \langle B^{i+1} \wedge A, d \wedge (H = (G, K)) \rangle}$$

where i is the maximal index occurring in the goal $G \wedge A$.

When indexes are not needed we will simply omit them. As before, we assume
that program rules to be used in the new simplify rule use fresh variables to avoid
name clashes.

The semantic domain of our compositional semantics is based on sequences
which represent derivations obtained by the transition system in Table II. More
precisely, we first consider "concrete" sequences consisting of tuples of the form
$\langle G, c, K, G', d \rangle$: such a tuple represents a derivation step $\langle G, c \rangle \rightarrow_P^K \langle G', d \rangle$. The
sequences we consider are terminated by tuples of the form $\langle G, c, \emptyset, G, c \rangle$, which
represent a terminating step (see the precise definition below). Since a sequence
represents a derivation, we assume that the "output" goal $G'$ at step i is equal to
the "input" goal G at step i + 1, that is, we assume that if

$$\cdots \langle G_i, c_i, K_i, G'_i, d_i \rangle \langle G_{i+1}, c_{i+1}, K_{i+1}, G'_{i+1}, d_{i+1} \rangle \cdots$$

appears in a sequence, then $G'_i = G_{i+1}$ holds.

On the other hand, the input store $c_{i+1}$ can be different from the output store $d_i$
produced at the previous step, since we need to perform all the possible assumptions
on the constraint $c_{i+1}$ produced by the external environment in order to obtain a
compositional semantics. However, we assume that if

$$\cdots \langle G_i, c_i, K_i, G'_i, d_i \rangle \langle G_{i+1}, c_{i+1}, K_{i+1}, G'_{i+1}, d_{i+1} \rangle \cdots$$

appears in a sequence then $CT \models c_{i+1} \rightarrow d_i$ holds: this means that the assumption
made on the external environment cannot be weaker than the constraint store
produced at the previous step. This reflects the monotonic nature of computations,
where information can be added to the constraint store and cannot be deleted from
it. Finally note that assumptions on user-defined constraints (label K) are made
only for the atoms which are needed to "complete" the current goal in order to
apply a clause. In other words, no assumption can be made in order to apply
clauses whose heads do not share any predicate with the current goal.

The set of the above described "concrete" sequences, which represent derivation
steps performed by using the new transition system, is denoted by Seq.
From these concrete sequences we extract some more abstract sequences which are
the objects of our semantic domain: from each tuple $\langle G, c, K, G', d \rangle$ in a sequence
$\delta \in Seq$ we extract a tuple of the form $\langle c, K, H, d \rangle$ where we consider as before the
input and output store (c and d, respectively) and the assumptions (K), while we
no longer consider the output goal $G'$. Furthermore, we restrict the input
goal G to that part H consisting of all those user-defined constraints which will
not be rewritten in the (derivation represented by the) sequence $\delta$. Intuitively H
contains those atoms which are available for satisfying assumptions of other goals,
when composing two different sequences (representing two derivations of different
goals). We also assume that if

$$\langle c_i, K_i, H_i, d_i \rangle \langle c_{i+1}, K_{i+1}, H_{i+1}, d_{i+1} \rangle$$

is in a sequence then $H_i \subseteq H_{i+1}$ holds, since the atoms which will not be rewritten
in the derivation can only increase. Finally, indexes are not used in the abstract
sequences (they are only needed to define stable atoms, see Definition 3.2).
We then define formally the semantic domain as follows.

Definition 3.1. [Abstract sequences] The semantic domain $\mathcal{D}$ containing all the
possible (abstract) sequences is defined as the set

$$\mathcal{D} = \{ \langle c_1, K_1, H_1, d_1 \rangle \cdots \langle c_n, \emptyset, H_n, c_n \rangle \mid \text{for each } j,\ 1 \le j \le n \text{ and for each } i,\ 1 \le i \le n-1,$$
$$H_j \text{ and } K_i \text{ are multisets of CHR (non indexed) constraints},$$
$$c_j, d_i \text{ are built-in constraints and } CT \models d_i \rightarrow c_i,$$
$$H_i \subseteq H_{i+1} \text{ and } CT \models c_{i+1} \rightarrow d_i \text{ holds} \}.$$

In order to define our semantics we need three more notions. First, we define
an abstraction operator $\alpha$ which extracts from the concrete sequences in Seq
(representing exactly derivation steps) the abstract sequences used in our semantic
domain.

Definition 3.2. [Abstraction and Stable atoms] Let

$$\delta = \langle G_1, c_1, K_1, G_2, d_1 \rangle \cdots \langle G_n, c_n, \emptyset, G_n, c_n \rangle$$

be a sequence of derivation steps where we assume that atoms are indexed as
previously specified. We say that an indexed atom is stable in $\delta$ if it appears
in $G_j$, for each $1 \le j \le n$. The abstraction operator $\alpha : Seq \rightarrow \mathcal{D}$ is then defined
inductively as

$$\alpha(\varepsilon) = \varepsilon$$

$$\alpha(\langle G, c, K, G', d \rangle \cdot \delta') = \beta(\langle c, K, H, d \rangle) \cdot \alpha(\delta')$$

where H is the multiset consisting of all the atoms in G which are stable in
$\langle G, c, K, G', d \rangle \cdot \delta'$ and the function $\beta$ simply removes the indexes from the atoms
in H.

Then we need the notion of "compatibility" of a tuple w.r.t. a sequence. To this
aim we first provide some further notation: given a sequence $\delta$ of derivation steps

$$\langle G_1, c_1, K_1, G_2, d_1 \rangle \langle G_2, c_2, K_2, G_3, d_2 \rangle \cdots \langle G_n, c_n, \emptyset, G_n, c_n \rangle$$

we denote by $length(\delta)$ the length of the derivation $\delta$ (i.e. the number of tuples in
the sequence). Moreover, using t as a shorthand for the tuple $\langle G_1, c_1, K_1, G_2, d_1 \rangle$
we define

• $V_{loc}(t) = Fv(G_2, d_1) \setminus Fv(G_1, c_1, K_1)$,

• $V_{ass}(\delta) = \bigcup_{i=1}^{n-1} Fv(K_i)$ (the variables in the assumptions of $\delta$),

• $V_{stable}(\delta) = Fv(G_n)$ (the variables in all the stable multisets of $\delta$),

• $V_{constr}(\delta) = \bigcup_{i=1}^{n-1} Fv(d_i) \setminus Fv(c_i)$ (the variables in the output constraints of $\delta$
which are not in the corresponding input constraints) and

• $V_{loc}(\delta) = \bigcup_{i=1}^{n-1} Fv(G_{i+1}, d_i) \setminus Fv(G_i, c_i, K_i)$ (the local variables of $\delta$, namely
the variables in the clauses used in the derivation $\delta$).

We then define the notion of compatibility as follows.

Definition 3.3. Let $t = \langle G_1, c_1, K_1, G_2, d_1 \rangle$ be a tuple representing a derivation step
for the goal $G_1$ and let $\delta = \langle G_2, c_2, K_2, G_3, d_2 \rangle \cdots \langle G_n, c_n, \emptyset, G_n, c_n \rangle$ be a sequence
of derivation steps for $G_2$. We say that t is compatible with $\delta$ if the following hold:

(1) $CT \models c_2 \rightarrow d_1$,

(2) $V_{loc}(\delta) \cap Fv(t) = \emptyset$,

(3) $V_{loc}(t) \cap V_{ass}(\delta) = \emptyset$ and

(4) for $i \in [2, n]$, $V_{loc}(t) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup V_{stable}(\delta)$.

The first three conditions reflect the monotonic nature of computations, that the
clauses in a derivation are renamed apart and that the variables in the assumptions
are disjoint from the variables in the clauses used in a derivation. The last condition
ensures that the local variables in a derivation $\delta$ and in the abstraction of $\delta$ are the
same (see Lemma 4.3). Note that if t is compatible with $\delta$ then, by using the
notation above, $t \cdot \delta$ is a sequence of derivation steps for $G_1$. We can now define
the compositional semantics.

Definition 3.4. [Compositional semantics] Let P be a program and let G be a
goal. The compositional semantics of G in the program P, $S_P : Goals \rightarrow \wp(\mathcal{D})$, is
defined as

$$S_P(G) = \alpha(S'_P(G))$$

where $\alpha$ is the pointwise extension to sets of the operator given in Definition 3.2
and $S'_P : Goals \rightarrow \wp(Seq)$ is defined as follows:

$$S'_P(G) = \{ \langle G, c, K, G', d \rangle \cdot \delta \in Seq \mid CT \not\models c \leftrightarrow \mathit{false},\ \langle G, c \rangle \rightarrow_P^K \langle G', d \rangle$$
$$\text{and } \delta \in S'_P(G') \text{ for some } \delta \text{ such that } \langle G, c, K, G', d \rangle \text{ is compatible with } \delta \}$$
$$\cup\ \{ \langle G, c, \emptyset, G, c \rangle \in Seq \}.$$

Formally $S'_P(G)$ is defined as the least fixed-point of the corresponding operator
$\Phi \in (Goals \rightarrow \wp(Seq)) \rightarrow Goals \rightarrow \wp(Seq)$ defined by

$$\Phi(I)(G) = \{ \langle G, c, K, G', d \rangle \cdot \delta \in Seq \mid CT \not\models c \leftrightarrow \mathit{false},\ \langle G, c \rangle \rightarrow_P^K \langle G', d \rangle$$
$$\text{and } \delta \in I(G') \text{ for some } \delta \text{ such that } \langle G, c, K, G', d \rangle \text{ is compatible with } \delta \}$$
$$\cup\ \{ \langle G, c, \emptyset, G, c \rangle \in Seq \}.$$

In the above definition, $I : Goals \rightarrow \wp(Seq)$ stands for a generic interpretation
assigning to a goal a set of sequences, and the ordering on the set of interpretations
$Goals \rightarrow \wp(Seq)$ is that of (point-wise extended) set-inclusion. It is straightforward
to check that $\Phi$ is continuous (on a CPO), thus standard results ensure that the
fixpoint can be calculated by $\bigcup_{n \ge 0} \Phi^n(\bot)$, where $\Phi^0$ is the identity map and for
$n > 0$, $\Phi^n = \Phi \circ \Phi^{n-1}$ (see for example

4. COMPOSITIONALITY AND CORRECTNESS 

In this section we prove that the semantics defined above is and-compositional and 
correct w.r.t. the observables SAp. 

In order to prove the compositionality result we first need to define how two 
sequences describing a computation of A and B, respectively, can be composed 
in order to obtain a computation of A, B. Such a composition is defined by the 
(semantic) operator || which performs an interleaving of the actions described by 
the two sequences and then eliminates the assumptions which are satisfied in the 
resulting sequence. For technical reasons, rather than modifying the existing se- 
quences, the elimination of satisfied assumptions is performed on new sequences 
which are generated by a closure operator $\eta$ defined as follows.

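Definition 4.1. Let W be a multiset of indexed atoms, $\sigma$ be a sequence in $\mathcal{D}$ of
the form

$$\langle c_1, K_1, H_1, d_1 \rangle \langle c_2, K_2, H_2, d_2 \rangle \cdots \langle c_n, K_n, H_n, d_n \rangle$$

and let

$$\tilde{H}_1 = H_1^1 \text{ and for } i \in [2, n]\quad \tilde{H}_i = \tilde{H}_{i-1} \uplus (H_i \setminus H_{i-1})^i,$$

where we use the notation $H^i$ to indicate that all the atoms in H are indexed by i
and $\setminus$ denotes the multisets difference.
We denote by $\sigma \setminus W$ the sequence

$$\beta(\langle c_1, K_1, \tilde{H}_1 \setminus W, d_1 \rangle \langle c_2, K_2, \tilde{H}_2 \setminus W, d_2 \rangle \cdots \langle c_n, K_n, \tilde{H}_n \setminus W, d_n \rangle)$$

where the multisets difference $\tilde{H}_i \setminus W$ considers indexes and, as in Definition 3.2,
the function $\beta$ simply removes the indexes from the stable atoms.
The operator $\eta : \wp(\mathcal{D}) \rightarrow \wp(\mathcal{D})$ is defined as follows. Given $S \in \wp(\mathcal{D})$, $\eta(S)$ is
the least set satisfying the following conditions:

(1) $S \subseteq \eta(S)$;

(2) if $\sigma' \cdot \langle c, K, H, d \rangle \cdot \sigma'' \in \eta(S)$ then $(\sigma' \cdot \langle c, K \setminus K', H, d \rangle \cdot \sigma'') \setminus W \in \eta(S)$

where $K' = \{A_1, \ldots, A_n\} \subseteq K$ is a multiset such that there exists a multiset of
indexed atoms $W = \{B_1^{j_1}, \ldots, B_n^{j_n}\} \subseteq \tilde{H}$ such that $CT \models c \wedge B_l \leftrightarrow c \wedge A_l$, for each
$l \in [1, n]$.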

A few explanations are in order. The operator $\eta$ is an upper closure operator 
which saturates a set of sequences $S$ by adding new sequences where redundant 
assumptions can be removed: an assumption $a$ (in $K_i$) can be removed if it appears 
as a stable atom (in $H_i$). Once a stable atom is "consumed" for satisfying an 
assumption it is removed from (the multiset of stable atoms of) all the tuples 
appearing in the sequence, to avoid multiple uses of the same atom. Note that stable atoms 
are considered without the index in the condition $CT \models c \wedge B_l \leftrightarrow c \wedge A_l$, while they 
are considered as indexed atoms in the removal operation $\bar{H}_i \setminus W$. The reason for this 
slight complication is explained by the following example. Assume that we have the 
set $S$ consisting of the only sequence $\langle c, \emptyset, \{a\}, d \rangle \langle c', \{a\}, \{a, a\}, d' \rangle \langle c'', \emptyset, \{a, a\}, c'' \rangle$. 
From this sequence, we construct a new one, where the stable atoms are indexed 
as follows: 

$\langle c, \emptyset, \{a^1\}, d \rangle \langle c', \{a\}, \{a^1, a^2\}, d' \rangle \langle c'', \emptyset, \{a^1, a^2\}, c'' \rangle$. 

Such a new sequence indicates that at the second step we have an assumption $a$, 
while both at the first and at the second step we have produced a stable atom $a$, 
which has been indexed by 1 and 2, respectively. In order to satisfy the assumption 
$a$ we can use either $a^1$ or $a^2$. 

However, depending on what indexed atom we use, we obtain two different simplified 
sequences in $\eta(S)$, namely 

$\langle c, \emptyset, \emptyset, d \rangle \langle c', \emptyset, \{a\}, d' \rangle \langle c'', \emptyset, \{a\}, c'' \rangle$ and $\langle c, \emptyset, \{a\}, d \rangle \langle c', \emptyset, \{a\}, d' \rangle \langle c'', \emptyset, \{a\}, c'' \rangle$, 
which describe correctly the two different situations. It is also worth noting that it 
is possible to disregard indexes in the result of the normalization operator 
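
The indexed removal $\sigma \setminus W$ and the closure $\eta$ described above, as an added Python example that is not part of the paper. It applies rule (2) one assumption at a time, takes $W$ from the indexed stable atoms of the tuple that carries the assumption, and uses syntactic equality of atoms as a stand-in for the entailment test; these choices and all function names are assumptions of the example.

```python
from collections import Counter

# A sequence is a tuple of steps (c, K, H, d): input store c, assumptions K,
# stable atoms H, output store d. K and H are multisets stored as sorted tuples.

def ms(*atoms):
    """Build a hashable multiset of atoms."""
    return tuple(sorted(atoms))

def index_stable(seq):
    """Indexed stable multisets of Definition 4.1: the first is H_1 with every
    atom indexed by 1; each later one adds the atoms of H_i minus H_{i-1},
    indexed by i. Indexed atoms are pairs (atom, index)."""
    indexed, prev_h, acc = [], Counter(), Counter()
    for i, (_, _, h, _) in enumerate(seq, start=1):
        new_atoms = Counter(h) - prev_h            # multiset difference
        acc = acc + Counter({(a, i): n for a, n in new_atoms.items()})
        indexed.append(acc)
        prev_h = Counter(h)
    return indexed

def remove_indexed(seq, w):
    """sigma minus W: drop the indexed atoms W from every indexed stable
    multiset, then strip the indexes again (the function beta)."""
    out = []
    for (c, k, _, d), h_bar in zip(seq, index_stable(seq)):
        kept = h_bar - w
        plain = [a for (a, _), n in kept.items() for _ in range(n)]
        out.append((c, k, ms(*plain), d))
    return tuple(out)

def entails_equiv(c, stable_atom, assumed_atom):
    """Stand-in for CT |= c and B <-> c and A (assumption: syntactic equality)."""
    return stable_atom == assumed_atom

def eta_step(seq):
    """Sequences obtained from seq by one use of rule (2) with a singleton K'."""
    results = set()
    indexed = index_stable(seq)
    for p, (c, k, h, d) in enumerate(seq):
        for assumed in set(k):
            rest = Counter(k) - Counter([assumed])
            reduced = seq[:p] + ((c, ms(*rest.elements()), h, d),) + seq[p + 1:]
            # Every indexed stable atom that matches the assumption is a
            # separate choice of W and gives a separate simplified sequence.
            for (atom, idx) in indexed[p]:
                if entails_equiv(c, atom, assumed):
                    w = Counter({(atom, idx): 1})
                    results.add(remove_indexed(reduced, w))
    return results

def eta(s):
    """Least set containing S and closed under eta_step (worklist fixpoint).
    Terminates because every step removes one assumption."""
    closed, todo = set(s), list(s)
    while todo:
        for new in eta_step(todo.pop()):
            if new not in closed:
                closed.add(new)
                todo.append(new)
    return closed

# The example sequence from the text above; S contains only this sequence.
SIGMA = (("c", ms(), ms("a"), "d"),
         ("c'", ms("a"), ms("a", "a"), "d'"),
         ("c''", ms(), ms("a", "a"), "c''"))

def page_example():
    """eta(S) for the example: the original sequence plus the two simplified ones."""
    return eta({SIGMA})

if __name__ == "__main__":
    for sequence in sorted(page_example()):
        print(sequence)
```
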

Before defining the composition operator $\parallel$ on sequences we need a notation for 
the sequences in $\mathcal{D}$ analogous to the one introduced for sequences of derivation 
steps: 

Let $\sigma = \langle c_1, K_1, H_1, d_1 \rangle \langle c_2, K_2, H_2, d_2 \rangle \cdots \langle c_n, \emptyset, H_n, d_n \rangle \in \mathcal{D}$ be a sequence for the 
goal $G$. We define 

- $V_{ass}(\sigma) = \bigcup_{i=1}^{n-1} Fv(K_i)$ (the variables in the assumptions of $\sigma$), 

- $V_{stable}(\sigma) = Fv(H_n) = \bigcup_{i=1}^{n} Fv(H_i)$ (the variables in the stable multisets of 
$\sigma$), 

- $V_{constr}(\sigma) = \bigcup_{i=1}^{n-1} Fv(d_i) \setminus Fv(c_i)$ (the variables in the output constraints of $\sigma$ 
which are not in the corresponding input constraints), 

- $V_{loc}(\sigma) = (V_{constr}(\sigma) \cup V_{stable}(\sigma)) \setminus (V_{ass}(\sigma) \cup Fv(G))$ (by using Condition 4 of 
Definition and by Lemma 4.3 the local variables of a sequence $\sigma$ are the local 
variables of the derivations $\delta$ such that $\alpha(\delta) = \sigma$). 

$S \subseteq \eta(S)$ holds by definition, and it is easy to see that $\eta(\eta(S)) = \eta(S)$ holds and that $S \subseteq S'$ 
implies $\eta(S) \subseteq \eta(S')$. 

We can now define the composition operator $\parallel$ on sequences. To simplify the 
notation we denote by $\parallel$ both the operator acting on sequences and the one acting 
on sets of sequences. 

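Definition 4.2. The operator $\parallel: \mathcal{D} \times \mathcal{D} \rightarrow \wp(\mathcal{D})$ is defined inductively as follows. 

Assume that $\sigma_1 = \langle c_1, K_1, H_1, d_1 \rangle \cdot \sigma'_1$ and $\sigma_2 = \langle c_2, K_2, H_2, d_2 \rangle \cdot \sigma'_2$ are sequences 
for the goals $G_1$ and $G_2$, respectively. If 

$(V_{loc}(\sigma_1) \cup Fv(G_1)) \cap (V_{loc}(\sigma_2) \cup Fv(G_2)) = Fv(G_1) \cap Fv(G_2)$ (1) 

then $\sigma_1 \parallel \sigma_2$ is defined by cases as follows: 

(1) If both $\sigma_1$ and $\sigma_2$ have length 1 and have the same store, say $\sigma_1 = \langle c, \emptyset, H_1, c \rangle$ 
and $\sigma_2 = \langle c, \emptyset, H_2, c \rangle$, then 

$\sigma_1 \parallel \sigma_2 = \{\langle c, \emptyset, H_1 \uplus H_2, c \rangle\}$. 

(2) If $\sigma_2$ has length 1 and $\sigma_1$ has length > 1 then 

$\sigma_1 \parallel \sigma_2 = \{\langle c_1, K_1, H_1 \uplus H_2, d_1 \rangle \cdot \sigma \in \mathcal{D} \mid \sigma \in \sigma'_1 \parallel \sigma_2\}$. 
The symmetric case is analogous and therefore omitted. 

(3) If both $\sigma_1$ and $\sigma_2$ have length > 1 then 

$\sigma_1 \parallel \sigma_2 = \{\langle c_1, K_1, H_1 \uplus H_2, d_1 \rangle \cdot \sigma \in \mathcal{D} \mid \sigma \in \sigma'_1 \parallel \sigma_2\}$ 
$\cup$ 
$\{\langle c_2, K_2, H_1 \uplus H_2, d_2 \rangle \cdot \sigma \in \mathcal{D} \mid \sigma \in \sigma_1 \parallel \sigma'_2\}$ 

Finally the composition of sets of sequences $\parallel: \wp(\mathcal{D}) \times \wp(\mathcal{D}) \rightarrow \wp(\mathcal{D})$ is defined 
by 

$S_1 \parallel S_2 = \{\sigma \in \mathcal{D} \mid$ there exist $\sigma_1 \in S_1$ and $\sigma_2 \in S_2$ such that 
$\sigma = \langle c_1, K_1, H_1, d_1 \rangle \cdots \langle c_n, \emptyset, H_n, c_n \rangle \in \eta(\sigma_1 \parallel \sigma_2)$, 
$(V_{loc}(\sigma_1) \cup V_{loc}(\sigma_2)) \cap V_{ass}(\sigma) = \emptyset$ and for $i \in [1, n]$ 
$(V_{loc}(\sigma_1) \cup V_{loc}(\sigma_2)) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(H_i)\}$. 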

Let us briefly illustrate some points in the previous definition. 

Condition (1) ensures that the rules used to construct the (derivations abstracted 
by the) sequences $\sigma_1$ and $\sigma_2$ have been renamed apart (that is, they do not share 
variables). Moreover, the local variables of each sequence are different from those 
which appear in the initial goal for the other sequence. 

Moreover, in the definition of the composition of sets of sequences 
$\parallel: \wp(\mathcal{D}) \times \wp(\mathcal{D}) \rightarrow \wp(\mathcal{D})$, the first condition ensures that the variables appearing in the rules 
used to construct the sequences $\sigma_1$ and $\sigma_2$ are distinct from the variables appearing 
in the assumptions. The second condition is needed to ensure that $\sigma$ is the 
abstraction of a sequence satisfying condition 4 in Definition 3.3 (compatibility). 

Using this notion of composition of sequences we can show that the semantics 
$\mathcal{S}_P$ is compositional. Before proving the compositionality theorem we need some 
technical lemmas. 

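Lemma 4.3. Let $G$ be a goal, $\delta \in \mathcal{S}'_P(G)$ and let $\sigma = \alpha(\delta)$. Then $V_r(\delta) = V_r(\sigma)$ 
holds, where $r \in \{ass, stable, constr, loc\}$. 

Lemma 4.4. Let $P$ be a program, $H$ and $G$ be two goals and assume that $\delta \in \mathcal{S}'_P(H, G)$. 
Then there exists $\delta_1 \in \mathcal{S}'_P(H)$ and $\delta_2 \in \mathcal{S}_P(G)$, such that for $i = 1, 2$, 
$V_{loc}(\delta_i) \subseteq V_{loc}(\delta)$ and $\alpha(\delta) \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$. 

Lemma 4.5. Let $P$ be a program, let $H$ and $G$ be two goals and assume that 
$\delta_1 \in \mathcal{S}_P(H)$ and $\delta_2 \in \mathcal{S}_P(G)$ are two sequences such that the following hold: 

(1) $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined, 

(2) $\sigma = \langle c_1, K_1, W_1, d_1 \rangle \cdots \langle c_n, \emptyset, W_n, c_n \rangle \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$, 

(3) $(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma) = \emptyset$, 

(4) for $i \in [1, n]$, $(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(W_i)$. 

Then there exists $\delta \in \mathcal{S}'_P(H, G)$ such that $\sigma = \alpha(\delta)$. 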

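By using the above results we can prove the following theorem. 

Theorem 4.6. [Compositionality] Let $P$ be a program and let $H$ and $G$ be two 
goals. Then 

$\mathcal{S}_P(H, G) = \mathcal{S}_P(H) \parallel \mathcal{S}_P(G)$. 

Proof We prove the two inclusions separately. 

($\mathcal{S}_P(H, G) \subseteq \mathcal{S}_P(H) \parallel \mathcal{S}_P(G)$). Let $\sigma \in \mathcal{S}_P(H, G)$. By definition of $\mathcal{S}_P$, there 
exists $\delta \in \mathcal{S}'_P(H, G)$ such that $\sigma = \alpha(\delta)$. By Lemma there exist $\delta_1 \in \mathcal{S}_P(H)$ 
and $\delta_2 \in \mathcal{S}_P(G)$ such that for $i = 1, 2$, $V_{loc}(\delta_i) \subseteq V_{loc}(\delta)$ and $\sigma \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$. 
Let 

$\delta = \langle (H, G), c_1, K_1, B_2, d_1 \rangle \cdots \langle B_n, c_n, \emptyset, B_n, c_n \rangle$ 

and let $\sigma = \langle c_1, K_1, H_1, d_1 \rangle \cdots \langle c_n, \emptyset, H_n, c_n \rangle$, where $H_n = B_n$. Then in order to 
prove the thesis we have only to show that 

$(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma) = \emptyset$ and for $i \in [1, n]$, 
$(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(H_i)$. 

First observe that by Lemma 4.3 and by hypothesis, we have that $V_{ass}(\sigma) = V_{ass}(\delta)$ 
and for $i = 1, 2$, $V_{loc}(\alpha(\delta_i)) = V_{loc}(\delta_i) \subseteq V_{loc}(\delta)$. Then by the previous results and 
by the properties of the derivations 

$(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma) \subseteq V_{loc}(\delta) \cap V_{ass}(\delta) = \emptyset$. 

Moreover by condition 4 of Definition (compatibility), for $i \in [1, n]$ 

$(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq V_{loc}(\delta) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup V_{stable}(\delta)$ 

holds. Now, observe that if $x \in V_{loc}(\delta) \cap Fv(c_i) \cap V_{stable}(\delta)$, then $x \in \bigcup_{j=1} V_{loc}(\delta) \cap 
Fv(B_j) \cap V_{stable}(\delta)$ and then $x \in Fv(H_i)$ and this completes the proof of the first 
inclusion. 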

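($\mathcal{S}_P(H, G) \supseteq \mathcal{S}_P(H) \parallel \mathcal{S}_P(G)$). Let $\sigma \in \mathcal{S}_P(H) \parallel \mathcal{S}_P(G)$. By definition of 
$\mathcal{S}_P$ and of $\parallel$ there exist $\delta_1 \in \mathcal{S}'_P(H)$ and $\delta_2 \in \mathcal{S}_P(G)$, such that $\sigma_1 = \alpha(\delta_1)$, 
$\sigma_2 = \alpha(\delta_2)$, $\sigma_1 \parallel \sigma_2$ is defined, $\sigma = \langle c_1, K_1, H_1, d_1 \rangle \cdots \langle c_n, \emptyset, H_n, c_n \rangle \in \eta(\sigma_1 \parallel \sigma_2)$, 
$(V_{loc}(\sigma_1) \cup V_{loc}(\sigma_2)) \cap V_{ass}(\sigma) = \emptyset$ and for $i \in [1, n]$, $(V_{loc}(\sigma_1) \cup V_{loc}(\sigma_2)) \cap Fv(c_i) \subseteq 
\bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(H_i)$. The proof is then straightforward by using Lemma 4.5. 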

4.1 Correctness 

In order to show the correctness of the semantics Sp w.r.t. the (input/output) 
observables SAp^ we first introduce a different characterization of SAp obtained 
by using the new transition system defined in Table UTI 

Definition 4.7. Let P be a program and let G be a goal and let — >p be (the 
least relation) defined by the rules in Table UTI We define 

S^P{G) = {3_p,^G)C I (G,0) -^i >i (0,c) ^^}. 

The correspondence of $\mathcal{SA}'$ with the original notion $\mathcal{SA}$ is stated by the following 
proposition, whose proof is immediate. 

Proposition 4.8. Let $P$ be a program and let $G$ be a goal. Then 

$\mathcal{SA}_P(G) = \mathcal{SA}'_P(G)$. 

The observables SA'p, and therefore SAp, describing answers of "data sufficient" 
computations can be obtained from S by considering suitable sequences, namely 
those sequences which do not perform assumptions neither on CHR constraints nor 
on built-in constraints. The first condition means that the second components of 
tuples must be empty, while the second one means that the assumed constraint at 
step i must be equal to the produced constraint at step i-1. We call "connected" 
those sequences which satisfy these requirements: 

Definition 4.9. [Connected sequences] Assume that 

$\sigma = \langle c_1, K_1, H_1, d_1 \rangle \ldots \langle c_n, K_n, H_n, c_n \rangle$ 

is a sequence in $\mathcal{D}$. We say that $\sigma$ is connected if 

(1) $K_i = \emptyset$ for each $i$, $1 \leq i \leq n$, 

(2) $d_j = c_{j+1}$ for each $j$, $1 \leq j \leq n - 1$ and 

(3) either $H_n = \emptyset$ or $c_n = false$. 

The proof of the following result derives from the definition of connected sequence 
and an easy inductive argument. 

Given a sequence $\sigma = \langle c_1, K_1, H_1, d_1 \rangle \ldots \langle c_n, K_n, H_n, d_n \rangle$, we denote by $instore(\sigma)$ 
and $store(\sigma)$ the built-in constraint $c_1$ and the built-in constraint $d_n$, respectively. 

Proposition 4.10. Let P be a program and let G be a goal. Then 

SA'p{G) ~ {3^py(^Q-)C I there exists a G Sp{G) such that instore{a) = 
a is connected and c — store(cr)}. 

The following corollary is immediate from Proposition 4.8. 

Corollary 4.11. [Correctness] Let P be a program and let G be a goal. Then 

SAp{G) = {3_pyj^Q-^c I there exists a G Sp{G) such that instore{a) = 
a is connected and c — store{a)}. 
5. A MORE REFINED SEMANTICS 

As previously mentioned, the operational semantics that we have considered in this 
paper is somehow naive: In fact, since propagation rules do not remove user defined 
constraints (see rule Propagate in Table P), when a propagate rule is applied it in- 
troduces an additional infinite computation (obtained by subsequent applications of 
the same rule). Of course, as previously mentioned, the terminating computations 
are not affected, as the application of a simplification rule after a propagation rule 
can cause the termination of the computation. 

A more refined operational semantics which avoids these infinite computations 
has been defined in Essentially the idea is to memorize in a token store, to 
be added to the global state, some tokens containing the information about which 
propagation rules can be applied to a given multiset of user-defined constraints. 
Each token consists of a propagation rule name and of the multiset of candidate 
constraints for that rule. A propagation rule can then be applied only if the store 
contains the appropriate token and therefore it can be applied at most once to the 
same constraint. 

We could take into account this refined operational semantics by using a slight 
extension of our semantic construction. More precisely, we first consider "concrete" 
sequences consisting of tuples of the form (G, c, T, K, G', T', d), where T and T' are 
token stores as defined in (J. Such a tuple represents exactly a derivation step 
(G, c, T) — >p {G',d,T'), according to the operational semantics in The se- 
quences we consider are terminated by tuples of the form (G, c, T, 0, G, c, T), which 
represent a terminating step. Since a sequence represents a derivation, we assume 
that the "output" goal G' and token store T' at step i are equal to the "input" 
goal $G$ and to the token store $T$ at step $i + 1$, respectively. From these concrete 
sequences we extract the same abstract sequences which are the objects of our se- 
mantic domain: From each tuple (G, c, T, K, G', d, T') in a concrete sequence 5 we 
extract a tuple of the form (c, K, T, H, d) where we consider as before the input and 
output store ($c$ and $d$, respectively), the input token store and the assumptions ($K$), 
while we do not consider anymore the output goal G' and the token store T' . The 
abstraction operator which extracts from the concrete sequences the sequences used 
in the semantic domain is a simple extension of the one given in Definition 3.2. 
In order to obtain a compositionality result we then define how two sequences de- 
scribing a computation of A and B according to this refined operational semantics, 
respectively, can be composed in order to obtain a computation of A, B. Such a 
composition is defined by a (semantic) operator, which performs an interleaving of 
the actions described by the two sequences. This new operator is similar to that 
one defined in Definition 4.2 even though the technicalities are different. 

Recently a more refined semantics has been defined in |1(J) in order to describe 
precisely the operational semantics implicitly used by (Prolog) implementations 
of CHR. Although this refined operational semantics is still non-deterministic, the 
order in which transitions are applied and the order in which occurrences are visited 
are decided. This semantics is therefore substantially different from the one we 
consider and apparently it is difficult to give a compositional characterization for 
it. 
6. CONCLUSIONS 

In this paper we have introduced a semantics for CHR which is compositional w.r.t. 
the and-composition of goals and which is correct w.r.t. "data sufficient answers", 
a notion of observable which considers the results of (finitely) failed computations 
and of successful computations where all the user-defined constraints have been 
rewritten into built-in constraints. We are not aware of other compositional char- 
acterizations of CHR answers and only 14 addresses compositionality of CHR rules 
(but only for a subset of CHR). Our work can be considered as a first step which 
can be extended along several different lines. 

Firstly, it would be desirable to obtain a compositional characterization also for 
"qualified answers" obtained by considering computations terminating with a 
user-defined constraint which does not need to be empty (see Definition 2.3). This could 
be done by a slight extension of our model: The problem here is that, given a tuple 
$\langle G, c, K, G', d \rangle$, in order to reconstruct correctly the qualified answers we need to 
know whether the configuration $\langle G', d \rangle$ is terminating or not (that is, if $\langle G', d \rangle \not\rightarrow_P$ 
holds). This could be solved by introducing some termination modes, at the price 
of a further complication of the traces used in our semantics. Also, as previously 
mentioned, we are currently extending our semantics in order to describe the more 
refined operational semantics given in I . 

A second possible extension is the investigation of the full abstraction issue. For 
obvious reasons it would be desirable to introduce in the semantics the minimum 
amount of information needed to obtain compositionality, while preserving 
correctness. In other terms, one would like to obtain a result of this kind: $\mathcal{S}_P(G) = \mathcal{S}_P(G')$ 
if and only if, for any $H$, $\mathcal{SA}_P(G, H) = \mathcal{SA}_P(G', H)$ (our Corollary 4.11 only 
ensures that the "only if" part holds). Such a full abstraction result could be difficult 
to achieve, however techniques similar to those used in jS] IHj for analogous results 
in the context of ccp could be considered 

It would be interesting also to study further notions of compositionality, for 
example that one which considers union of program rules rather than conjunctions 
of goals, analogously to what has been done in [Jj. However, due to the presence of 
synchronization, the simple model based on clauses defined in 7 cannot be used 
for CHR. 

As mentioned in the introduction, the main interest related to a compositional 
semantics is the possibility to provide a basis to define compositional analysis and 
verification tools. In our case, it would be interesting to investigate to what extent 
the compositional proof systems à la Hoare defined in [210] for timed ccp languages, 
based on resting points and trace semantics, can be adapted to the case of CHR. 
Also, it would be interesting to apply the semantics to reconstruct the confluence 
analysis of CHR. 

Acknowledgments We thank Michael Maher for having initially suggested the 
problem of compositionality for CHR semantics. 
7. APPENDIX 

In this appendix we provide the proofs of some lemmas used in the paper. 

In the following, given a sequence $\gamma$, where $\gamma \in Seq \cup \mathcal{D}$, we will denote by 
$instore(\gamma)$ and by $Inc(\gamma)$ the first input constraint and the set of input constraints 
of $\gamma$, respectively. Moreover, we will denote by $Ass(\gamma)$ and $Stable(\gamma)$ the set 
(corresponding to the multiset) of assumptions of $\gamma$ and the set (corresponding to the 
multiset) of atoms in the last goal of $\gamma$, respectively. 

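Lemma 7.1. (Lemma 4.3) Let $G$ be a goal, $\delta \in \mathcal{S}'_P(G)$ and let $\sigma = \alpha(\delta)$. Then 

$V_r(\delta) = V_r(\sigma)$, where $r \in \{ass, stable, constr, loc\}$. 

Proof If $r \in \{ass, stable, constr\}$ then the proof is straightforward by definition 
of $\alpha$ and of $V_r$. Then we have only to prove that $V_{loc}(\delta) = V_{loc}(\sigma)$. 
The proof is by induction on $n = length(\delta)$. 

($n = 1$). In this case $\delta = \langle G, c, \emptyset, G, c \rangle$, $\sigma = \langle c, \emptyset, G, c \rangle$, and therefore, by definition 

$V_{loc}(\delta) = V_{loc}(\sigma) = \emptyset$. 

($n > 1$). Let $\delta = \langle G_1, c_1, K_1, G_2, d_1 \rangle \langle G_2, c_2, K_2, G_3, d_2 \rangle \cdots \langle G_n, c_n, \emptyset, G_n, c_n \rangle$, where 
$G = G_1$. 

By definition of $\mathcal{S}_P(G)$, there exists $\delta' \in \mathcal{S}'_P(G_2)$ such that $t = \langle G_1, c_1, K_1, G_2, d_1 \rangle$ 
is compatible with $\delta'$ and $\delta = t \cdot \delta' \in Seq$. 

By inductive hypothesis, we have that $V_{loc}(\delta') = V_{loc}(\sigma')$, where $\sigma' = \alpha(\delta')$. 
Moreover, by definition of $\alpha$, $\sigma = \langle c_1, K_1, H_1, d_1 \rangle \cdot \sigma'$, where $H_1$ is the multiset 
consisting of all the atoms in $G_1$ which are stable in $\delta$. 

By definition of $V_{loc}$ and by inductive hypothesis 

$V_{loc}(\delta) = \bigcup_{i=1}^{n-1} Fv(G_{i+1}, d_i) \setminus Fv(G_i, c_i, K_i)$ 

$= V_{loc}(\delta') \cup (Fv(G_2, d_1) \setminus Fv(G_1, c_1, K_1))$ 

$= V_{loc}(\sigma') \cup (Fv(G_2, d_1) \setminus Fv(G_1, c_1, K_1))$. (2) 

Moreover, by definition of $V_{loc}$ and since $V_{stable}(\sigma) = V_{stable}(\sigma')$, we have that 

$V_{loc}(\sigma') = (V_{constr}(\sigma') \cup V_{stable}(\sigma)) \setminus (V_{ass}(\sigma') \cup Fv(G_2))$. (3) 

Therefore by (2), by properties of $\cup$ and since $Fv(G_2) \cap Fv(G_1, c_1, K_1) \subseteq Fv(G_2) \cap 
Fv(G_1)$, we have that 

$V_{loc}(\delta) = ((V_{constr}(\sigma') \cup V_{stable}(\sigma)) \setminus (V_{ass}(\sigma') \cup Fv(G_2))) \cup$ 

$(Fv(G_2) \setminus Fv(G_1)) \cup (Fv(d_1) \setminus Fv(G_1, c_1, K_1))$. (4) 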

Now, let X G Fv{Ki) n {Vconstri'^') U Vstabie{<^)) ■ By definition x e Fv{t), since t 
is compatible with 5' and by condition 2 of Definition l3.3l fcompatibilitv). we have 
that X ^ Vioc{5') = Vioc{(t') and therefore by @ x G Kss(cr') U Fv{G2). Then by 

^ioc(<5) = ((Ko„str(fT')UF,ta6/e(a))\(I4,,(a)Ui^z;(G2))) 

U (i^w(G2)\^^^;(Gi,Xi)) U (Fi;(rfi)\Fi;(Gi,ci,iCi)). (5) 



20 • Maurizio Gabbrielli and Maria Chiara Meo 



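By properties of $\cup$, we have that 

$((V_{constr}(\sigma') \cup V_{stable}(\sigma)) \setminus (V_{ass}(\sigma) \cup Fv(G_2))) \cup$ 

$(Fv(G_2) \setminus Fv(G_1)) =$ 

$((V_{constr}(\sigma') \cup V_{stable}(\sigma)) \setminus (V_{ass}(\sigma) \cup (Fv(G_2) \cap Fv(G_1)))) \cup$ 

$(Fv(G_2) \setminus Fv(G_1))$. (6) 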

Now let X e Fv{Gi) \ Fv{G2) and let us assume that x e Vconstr{<^')^Vstabie{<^) — 
Vconstr{5') U Vstabiei^')- By definition x G Fv{t), since < is compatible with S' and 
by condition 2 of Definition 13.31 (compatibility), we have that x ^ ViodS')- Then 
since x ^ Fv{G2) we have that there exists i G [2, n — 1] such that x G Fv{Ki) and 
therefore x G Kss(^') = VassW)- Therefore, by the previous results and by lO 
and ((HJ, we have that 

Vloc{6) = {{Vconstr{(T') U VstaUe{(j)) \ (K.s(cr) U Fv{Gl))) U 

(i^i;(G2)\^^«(Gi)) U (F,;(di)\F,;(Gi,ci,ifi)). (7) 

Now let X G {Fv{di) \ Fv{ci)) D Vass{<^')- Since by point 3 of Definition 13.31 (om- 
patibility) Vioc{t) n Vass{<y') = 0, we have that x G Fv{Gi,Ki). Then 

Fv{di) \ FviGi,CuK,) 

{Fv{d,)\Fvic,))\Fv{Gi,Ki) 

{Fv{di) \ Fvici)) \ {Fv{GuKi)UVassi<j')) = 

(Fvidi) \ Fvic^)) \ {FviGi)UVas.i<7)). 

Then by 0, 

VlociS) = iiVconstr{'j)UV,tablei<j))\{Vass{(j)LlFviGi))) U 

{Fv{G2)\Fv{Gi)). (8) 

Finally let x G Fv{G2) \ Fv{Gi). We prove that x G ((V;o„,jtr(cr) U Vstabie{<y)) \ 
Vass{<^)- First of all, observe that x G Vioc{t) and therefore, by definition of com- 
patibility, X Vass{<^)- Now, let ^ G G2 such that x G Fw(^) and let us to assume 
that A ^ Stable{a) = Stable{5). Then, by definition of derivation, there exists 
j G — 1] such that x G Fv{dj). Let h the least index j G — 1] such 

that X G Fv(dh)- By condition 4 of Definition |^| (compatibility) , we have that 
X ^ Fv{ch) and then x G Vconstr(iJ) = Vconstr{<y)- Then by lO, by the previous 
result and by definition of Vioc, 

Vloc{5) = {Vconstr{(T) U Vstable{(T)) \ {Vass{a) U Fv{Gi)) = VJocM 

and then the thesis holds. 

In the following, given a sequence of derivation steps 

$\delta = \langle B_1, c_1, K_1, B_2, d_1 \rangle \ldots \langle B_n, c_n, \emptyset, B_n, c_n \rangle$ 

and a goal $W$, we denote by $\delta \oplus W$ the sequence 

$\langle (B_1, W), c_1, K_1, (B_2, W), d_1 \rangle \ldots \langle (B_n, W), c_n, \emptyset, (B_n, W), c_n \rangle$ 
and by $\delta \ominus W$ the sequence 

$\langle B_1 \setminus W, c_1, K_1, B_2 \setminus W, d_1 \rangle \ldots \langle B_n \setminus W, c_n, \emptyset, B_n \setminus W, c_n \rangle$. 

The proof of the following two lemmas is straightforward by definition of 
derivation. 

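Lemma 7.2. Let $H, G$ be goals and let $\delta \in \mathcal{S}_P(H, G)$ such that 

$\delta = \langle (H, G), c_1, K_1, R_2, d_1 \rangle \langle R_2, c_2, K_2, R_3, d_2 \rangle \cdots \langle R_n, c_n, \emptyset, R_n, c_n \rangle$ 

where $H = (H', H'')$, $H'' \neq \emptyset$ and the first tuple of the sequence $\delta$ represents a 
derivation step $s$, which uses the Apply' rule and rewrites only and all the atoms 
in $(H'', G)$. Then there exists a derivation $\delta' \in \mathcal{S}_P(H)$ such that 

$\delta' = \langle H, c_1, K_1 \uplus G, R_2, d_1 \rangle \langle R_2, c_2, K_2, R_3, d_2 \rangle \cdots \langle R_n, c_n, \emptyset, R_n, c_n \rangle$. 

Lemma 7.3. Let $G$ be a goal, $W$ be a multiset of atoms and let $\delta \in \mathcal{S}'_P(G)$ such 
that $Fv(W) \cap V_{loc}(\delta) = \emptyset$. Then $\delta \oplus W \in \mathcal{S}'_P(G, W)$. 

Lemma 7.4. Let $P$ be a program and let $H$ and $G$ be two goals such that there 
exists a derivation step 

$s = \langle (H, G), c_1 \rangle \rightarrow_P^{K_1} \langle (B, G), d_1 \rangle$, 

where only the atoms in $H$ are rewritten in $s$. 

Assume that there exists $\delta \in \mathcal{S}'_P(H, G)$ such that $\delta = t \cdot \delta'$, where 

$t = \langle (H, G), c_1, K_1, (B, G), d_1 \rangle$, 

$\delta' \in \mathcal{S}'_P(B, G)$ and $t$ is compatible with $\delta'$. Moreover assume that there exists 
$\delta'_1 \in \mathcal{S}'_P(B)$ and $\delta'_2 \in \mathcal{S}'_P(G)$, such that 

(1) for $i = 1, 2$, $V_{loc}(\delta'_i) \subseteq V_{loc}(\delta')$ and $Inc(\delta'_i) \subseteq Inc(\delta')$. 

(2) $Ass(\delta'_1) \subseteq Ass(\delta') \cup Stable(\delta'_2)$ and $Ass(\delta'_2) \subseteq Ass(\delta') \cup Stable(\delta'_1)$, 

(3) $\alpha(\delta'_1) \parallel \alpha(\delta'_2)$ is defined and $\alpha(\delta') \in \eta(\alpha(\delta'_1) \parallel \alpha(\delta'_2))$. 

Then $\delta_1 = t' \cdot \delta'_1 \in \mathcal{S}_P(H)$, where $t' = \langle H, c_1, K_1, B, d_1 \rangle$, $\alpha(\delta_1) \parallel \alpha(\delta'_2)$ is defined 

and $\alpha(\delta) \in \eta(\alpha(\delta_1) \parallel \alpha(\delta'_2))$. 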

Proof In the following, assume that 

$\delta'_1 = \langle B_1, e_1, M_1, B_2, f_1 \rangle \langle B_2, e_2, M_2, B_3, f_2 \rangle \cdots \langle B_l, e_l, \emptyset, B_l, e_l \rangle$ 
$\delta'_2 = \langle G_1, r_1, N_1, G_2, s_1 \rangle \langle G_2, r_2, N_2, G_3, s_2 \rangle \cdots \langle G_p, r_p, \emptyset, G_p, r_p \rangle$ 

$\delta' = \langle R_1, c_2, K_2, R_2, d_2 \rangle \langle R_2, c_3, K_3, R_3, d_3 \rangle \cdots \langle R_{n-1}, c_n, \emptyset, R_{n-1}, c_n \rangle$, 

where $B_1 = B$, $G_1 = G$, $R_1 = (B, G)$ and $e_l = r_p = c_n$. The following holds. 

(a) $\delta_1 \in \mathcal{S}'_P(H)$. By construction, we have only to prove that $t'$ is compatible 
with $\delta'_1$. The following holds. 

(1) By hypothesis $Inc(\delta'_1) \subseteq Inc(\delta')$ and then $CT \models instore(\delta'_1) \rightarrow instore(\delta')$. 
Moreover since $t$ is compatible with $\delta'$, we have that $CT \models instore(\delta') \rightarrow d_1$ 
and therefore $CT \models instore(\delta'_1) \rightarrow d_1$. 

(2) By hypothesis $V_{loc}(\delta'_1) \subseteq V_{loc}(\delta')$ and by construction $Fv(t') \subseteq Fv(t)$. Then 
$V_{loc}(\delta'_1) \cap Fv(t') \subseteq V_{loc}(\delta') \cap Fv(t) = \emptyset$, where the last equality follows since $t$ 
is compatible with $\delta'$. 

(3) First of all observe that given a derivation $\delta$, we have that 

$V_{stable}(\delta) \subseteq Fv(G) \cup V_{loc}(\delta)$, (9) 

where $G$ is the initial goal of the derivation $\delta$. Then we have that 

(since Vioc{t') = Vioc{t) and since by hypothesis 
Ass{S[) C Ass{S') U StableiS'2)) 

Vlocit) n iVassiS') U VstaUeiS!,)) C 

(by ©) 

Vloait) n iVassiS') U (G) U VlociS'2)) C 

(since by hypothesis Vioc('^2) ^ V;oc('5')) 
l^oc(t) n {VassiS') U Ft-(G) u y/oc(<5')) = 

(since i is compatible with S' and by definition of V/oc) 



(4) We have to prove that for i G [1, 1], Viodt') n Fv{e^) C lj*r^^ i^i'(/j) U Fv{di) U 
KtaWe(5i)- Let i e [1 J] and let x S Vioc(t') n i^u(ei). 

Since by inductive hypothesis Inc{S'i) C Inc{S'), there exists a least index h € 
[2,n] such that = c/j. Therefore, since Vioc{t') — Vioc{t) and t is compatible 
with 6' , we have that 

/i-i 

X e \J Fvidj)UVstable{S'). (10) 

Moreover, since x G V;oc(^') = ^Zoc(i)j t is compatible with i5' and by hypothesis 

x^Fv{G)UViociS'2). (11) 

Now, observe that 

Vstabie{S') C (by definition of || and since by hypothesis 

a{S')er^ia{S[)\\ aiS',))) 

Vstable {S[)UVstable{S!,) C (by ©) 

Vstable 

Then by IjlOjl and (|ll(l . we have that x G Ui=i Fv{dj) U Vstafc;e('51)- Then to 
prove the thesis, we have to prove that 

if 2: G Uj^i Md,) U V;tafc;e(<^i) then x G \J'jl\ Fv{!j) U Ft-(di) U V,tabie{5[). 
Let us to assume that x G Uj=2 ^^('^j) and let fc the least index j G [2, ft. — 1] 
such that X G Fv{dj). 

If dfc is an output constraint of 6[, i.e. there exists j G [l,i — 1] such that 
'^fc — /ji ths proof is terminated. 

Now assume that dk is an output constraint of Jj, i.e. there exists w G [l,m] 
such that dk = and for each j G [1, w — 1], we have that x ^ Fv{sj). Since 
k is the least index j such that x G Fv(dj) and since i is compatible with S' , 
we have that a: ^ Fv{ck) and therefore x ^ Fv{rw). 

Moreover, since by (dJ, a: ^ Fv{G) U V/oc((52); we have that a: ^ Fv{Gw)- 
Then by definition of derivation step, since a; G Fti(s,„) \ (Fti(r,„) U Fv{Gw)), 
we have that a; G Fv{N.u]) and therefore x G Vass{S'2)- By hypothesis x G 
Vass{S') U T4taWe(i5i). Then since t is compatible with S' and a; G V;oc(07 
have that a; ^ Vass{S') and therefore a; G VstabieiS'i) and then the proof. 
(b) $\alpha(\delta_1) \parallel \alpha(\delta'_2)$ is defined. We have to prove that 

(ViocHS,)) U FviH)) n {Viociaid'^)) U Fv{G)) C Fv{H) n Ft;(G). 
By Lemma [4.31 

Viocia{Si)) = U ^oc(t') (12) 

and since a{6[) \\ a{62) is defined , we have that 

Vioc{a{S[)) n {ViociaiS'^)) U Fv{G)) = 0. (13) 

Now observe that, since t is compatible with d', Vioc{t') = V/oc(0 and by Lemma lTT^ 
we have that Vioc{t') n Vioc{oi{S' j) = 0. Moreover, by hypothesis for Vioc{ct{S'2)) C 
Viocia{S')) and by definition of i, we have that Fv{G)nViocit') = Fv{G)^Vioc{t) = 
0. Then 

ViociaiSi)) n {ViMS'^)) U F«(G)) = 

(V^/oc(a(<5D) U l^oc(t')) n (1^/oc(a(^i)) U Fv{G)) - 0. 

Moreover, since t is compatible with (5', Fv(H) C Fv{t) and by hypothesis Vioc(a(<52)) C 

^oc(«(<5')) 

i^i;(i7) n ViocHS'2)) C i^i;(i7) n ViociaiS')) = 

and then the thesis holds. 

(c) a{S) eri{a{Si) \\ a(5^)). By hypothesis a{S') G r;(a((5i) || a((5^)), a{6) = 
(ci, i^i, W^i, di) •q;((5') and a{Si) = (ci, i^i, Ji, di) •Q!((5i), where Wi is is the multiset 
of atoms in (H, G) which are not rewritten in 6 and Ji is the multiset of atoms in 
H which are not rewritten in Moreover let us to denote by 

— J2 the set of atoms in B which are not rewritten in S'l , by 
— Yi the set of atoms in G which are not rewritten in S2 and by 
— W2 the set of atoms in {B, G) which are not rewritten in 6' . 
Since a{5') £ rj{a{5'i) \\ oi{52)) there exists cr' e P such that 

a' e a{S[) II a{S'2) and a{5') e r]{{a'}). 

By our assumptions, a' — (c2, Ai, J2 W Yi, ^2) • cr" and by definition of ||, 

(T = {ci,Ki,JiiSYi,di) ■ a' e a{Si) \\ a((5^). 

By definition of rj and since a{S') G '7({o''}), 

(ci, i^i, (Ji W Yi) \ S, di) ■ aiS') e 77(a(<5i) || a(5^)), (14) 

where the multisets difference (Ji 1+1 Fi) \ 5* considers indexes and S is such that 
(J2 W Yi) \ S = W-2.- Then we can choose S in such a way that S restricted to 
the atoms with index equal to 1 is the set of (non-indexed) atoms ( Ji W Yi) \ W\ 
and S restricted to the atoms with index equal to 2 is the set of (non-indexed) 
atoms (J2 \ J\) \ {W2 \ Wi). It is easy to check that S satisfies the condition 
(J2 1+) Fi) \ 5 = VF2. Moreover, by construction ( Ji l+) Yi) \ S" = W^i. Therefore by 

m 

a{5) = {ci,Ki,Wi,di)-aiS')evHSi) \\ a((5^)) 
and this completes the proof. 
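Lemma 7.5. (Lemma 4.4) Let $P$ be a program, $H$ and $G$ be two goals and assume 
that $\delta \in \mathcal{S}_P(H, G)$. Then there exists $\delta_1 \in \mathcal{S}'_P(H)$ and $\delta_2 \in \mathcal{S}_P(G)$, such that 
$\alpha(\delta) \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$. 

Proof We construct, by induction on $l = length(\delta)$, two sequences $\delta \uparrow_{(H,G)} = 
(\delta_1, \delta_2)$, where 

(1) for $i = 1, 2$, $V_{loc}(\delta_i) \subseteq V_{loc}(\delta)$ and $Inc(\delta_i) \subseteq Inc(\delta)$ (and therefore $CT \models 
instore(\delta_i) \rightarrow instore(\delta)$). 

(2) $Ass(\delta_1) \subseteq Ass(\delta) \cup Stable(\delta_2)$ and $Ass(\delta_2) \subseteq Ass(\delta) \cup Stable(\delta_1)$, 

(3) $\delta_1 \in \mathcal{S}'_P(H)$, $\delta_2 \in \mathcal{S}'_P(G)$, $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined and $\alpha(\delta) \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$. 

($l = 1$). In this case $\delta = \langle (H, G), c, \emptyset, (H, G), c \rangle$. We define 

$\delta \uparrow_{(H,G)} = (\langle H, c, \emptyset, H, c \rangle, \langle G, c, \emptyset, G, c \rangle) = (\delta_1, \delta_2)$, 

where $\delta_1 \in \mathcal{S}'_P(H)$ and $\delta_2 \in \mathcal{S}'_P(G)$. By definition for $i = 1, 2$, $V_{loc}(\delta_i) = \emptyset$, 
$Inc(\delta_i) = \{c\} = Inc(\delta)$ and $Ass(\delta_i) = \emptyset$. 

Moreover $\alpha(\delta_1) = \langle c, \emptyset, H, c \rangle$ and $\alpha(\delta_2) = \langle c, \emptyset, G, c \rangle$ and then $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is 
defined. Now the proof is straightforward by definition of $\parallel$. 

($l > 1$). Assume that $\delta \in \mathcal{S}'_P(H, G)$. By definition 

$\delta = \langle (H, G), c_1, K_1, B_2, d_1 \rangle \cdot \delta'$, 

where $\delta' \in \mathcal{S}'_P(B_2)$ and $t = \langle (H, G), c_1, K_1, B_2, d_1 \rangle$ is compatible with $\delta'$. Recall 
that, by definition, the tuple $t$ represents a derivation step 

$s = \langle (H, G), c_1 \rangle \rightarrow_P^{K_1} \langle B_2, d_1 \rangle$. 

Now we distinguish various cases according to the structure of the derivation step 
$s$. 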

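— In the derivation step $s$, we use the Solve' rule. In this case, without loss of 
generality, we can assume that $H = (c, H')$, 

$s = \langle (H, G), c_1 \rangle \rightarrow_P \langle (H', G), d_1 \rangle$, 

$CT \models c_1 \wedge c \leftrightarrow d_1$, $t = \langle (H, G), c_1, \emptyset, (H', G), d_1 \rangle$ and $\delta' \in \mathcal{S}'_P(H', G)$. Moreover 
$\alpha(\delta) = \langle c_1, \emptyset, W, d_1 \rangle \cdot \alpha(\delta')$, where $W$ is the first stable multiset of $\alpha(\delta')$. 
By inductive hypothesis there exist $\delta'_1 \in \mathcal{S}'_P(H')$ and $\delta_2 \in \mathcal{S}'_P(G)$ such that 
$\delta' \uparrow_{(H',G)} = (\delta'_1, \delta_2)$, $\alpha(\delta'_1) \parallel \alpha(\delta_2)$ is defined and $\alpha(\delta') \in \eta(\alpha(\delta'_1) \parallel \alpha(\delta_2))$. Then, 
we define 

$\delta \uparrow_{(H,G)} = (\delta_1, \delta_2)$ where $\delta_1 = \langle H, c_1, \emptyset, H', d_1 \rangle \cdot \delta'_1$. 

By definition $\langle H, c_1 \rangle \rightarrow_P \langle H', d_1 \rangle$, $t' = \langle H, c_1, \emptyset, H', d_1 \rangle$ represents a derivation 
step for $H$, $Fv(d_1) \subseteq Fv(H) \cup Fv(c_1)$ and therefore $V_{loc}(t') = \emptyset$. Then the 
following holds. 

(1) Let $i \in [1, 2]$. By the inductive hypothesis, by construction and by the 
previous observation $V_{loc}(\delta_i) \subseteq V_{loc}(\delta') = V_{loc}(\delta)$ and $Inc(\delta_i) \subseteq Inc(\delta') \cup 
\{c_1\} = Inc(\delta)$. 

(2) By inductive hypothesis and by construction, 

$Ass(\delta_1) = Ass(\delta'_1) \subseteq Ass(\delta') \cup Stable(\delta_2) = Ass(\delta) \cup Stable(\delta_2)$ and 
$Ass(\delta_2) \subseteq Ass(\delta') \cup Stable(\delta'_1) = Ass(\delta) \cup Stable(\delta_1)$. 

(3) By inductive hypothesis $\delta_2 \in \mathcal{S}'_P(G)$. The proof of the other statements 
follows by Lemma 7.4 and by inductive hypothesis. 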
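— In the derivation step $s$, we use the Simplify' rule and let us assume that in 
the derivation step $s$ atoms deriving from $H$ only are rewritten. 
In this case, we can assume that $s = \langle (H, G), c_1 \rangle \rightarrow_P^{K_1} \langle (B, G), d_1 \rangle$, $\delta' \in 
\mathcal{S}'_P(B, G)$ and $t = \langle (H, G), c_1, K_1, (B, G), d_1 \rangle$. By inductive hypothesis there 
exist $\delta'_1 \in \mathcal{S}'_P(B)$ and $\delta_2 \in \mathcal{S}'_P(G)$ such that $\delta' \uparrow_{(B,G)} = (\delta'_1, \delta_2)$, $\alpha(\delta'_1) \parallel \alpha(\delta_2)$ is 
defined and $\alpha(\delta') \in \eta(\alpha(\delta'_1) \parallel \alpha(\delta_2))$. Then, we define 

$\delta \uparrow_{(H,G)} = (\delta_1, \delta_2)$ where $\delta_1 = \langle H, c_1, K_1, B, d_1 \rangle \cdot \delta'_1$. 

By definition $\langle H, c_1 \rangle \rightarrow_P^{K_1} \langle B, d_1 \rangle$, $t' = \langle H, c_1, K_1, B, d_1 \rangle$ represents a derivation 
step for $H$ and $V_{loc}(t') = V_{loc}(t)$. 
Now the following holds. 

(1) Let $i \in [1, 2]$. By the inductive hypothesis, by construction and by the 
previous observation $V_{loc}(\delta_i) \subseteq V_{loc}(\delta') \cup V_{loc}(t) = V_{loc}(\delta)$ and $Inc(\delta_i) \subseteq 
Inc(\delta') \cup \{c_1\} = Inc(\delta)$. 

(2) By inductive hypothesis and by construction, 

$Ass(\delta_1) = Ass(\delta'_1) \cup \{K_1\}$ 

$\subseteq Ass(\delta') \cup Stable(\delta_2) \cup \{K_1\} = Ass(\delta) \cup Stable(\delta_2)$ 

and 

$Ass(\delta_2) \subseteq Ass(\delta') \cup Stable(\delta'_1) \subseteq Ass(\delta) \cup Stable(\delta_1)$. 

(3) By inductive hypothesis $\delta_2 \in \mathcal{S}_P(G)$. The proof of the other statements 
follows by Lemma 7.4 and by inductive hypothesis. 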

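— In the derivation step $s$, we use the Simplify' rule and let us assume that in
the derivation step $s$ atoms deriving both from $H$ and $G$ are rewritten.
In this case, we can assume that $H = (H', H'')$, $G = (G', G'')$, $H'' \neq \emptyset$, $G'' \neq \emptyset$,
$s = \langle (H,G), c_1 \rangle \longrightarrow_P^{K_1} \langle (H', G', B), d_1 \rangle$, $\delta' \in S'_P(H', G', B)$ and
$t = \langle (H,G), c_1, K_1, (H', G', B), d_1 \rangle$.

By using the same arguments of the previous point there exist $\delta'_1 \in S'_P(H, G'')$
and $\delta'_2 \in S'_P(G')$ such that $\delta \uparrow_{((H,G''),G')} = (\delta'_1, \delta'_2)$.

Now, observe that, by Lemma 17^ and by definition of $\uparrow$, there exists $\delta_1 \in S'_P(H)$
such that $Ass(\delta_1) = Ass(\delta'_1) \cup \{G''\}$, $\alpha(\delta'_1) = \langle c_1, K_1, W_1, d_1 \rangle \cdot \sigma_1$, $\alpha(\delta_1) = \langle c_1, K_1 \uplus \{G''\}, W_1, d_1 \rangle \cdot \sigma_1$ and $V(\delta_1) = V(\delta'_1)$ for $V \in \{V_{loc}, Inc, Stable\}$.

Moreover, since $\delta \in S'_P(H,G)$ and $V_{loc}(\delta'_2) \subseteq V_{loc}(\delta)$, we have that $Fv(G'') \cap V_{loc}(\delta'_2) = \emptyset$. Then by Lemma O we have that $\delta_2 = \delta'_2 \oplus G'' \in S'_P(G)$.
By construction $Stable(\delta_2) = Stable(\delta'_2) \cup \{G''\}$ and $V(\delta_2) = V(\delta'_2)$ for $V \in \{V_{loc}, Inc, Ass\}$.
Then, we define

$\delta \uparrow_{(H,G)} = (\delta_1, \delta_2)$.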

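Now the following holds.

(1) Let $i \in [1,2]$. By definition of $\uparrow$ and by the previous observation $V_{loc}(\delta_i) = V_{loc}(\delta'_i) \subseteq V_{loc}(\delta)$ and $Inc(\delta_i) = Inc(\delta'_i) \subseteq Inc(\delta)$.

(2) By definition of $\uparrow$ and by construction $Ass(\delta_1) = Ass(\delta'_1) \cup \{G''\} \subseteq Ass(\delta) \cup Stable(\delta'_2) \cup \{G''\} = Ass(\delta) \cup Stable(\delta_2)$ and $Ass(\delta_2) = Ass(\delta'_2) \subseteq Ass(\delta) \cup Stable(\delta'_1) = Ass(\delta) \cup Stable(\delta_1)$.

(3) The proof that $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined follows by observing that, by definition
of derivation, $V_{loc}(\delta'_1) \cap Fv(G'') = \emptyset$, by construction for $i \in [1,2]$,
$V_{loc}(\delta_i) = V_{loc}(\delta'_i)$ and by definition of $\uparrow$, $\alpha(\delta'_1) \parallel \alpha(\delta'_2)$ is defined. Finally,
the proof that $\alpha(\delta) \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$ follows by observing that by definition
of $\uparrow$, $\alpha(\delta) \in \eta(\alpha(\delta'_1) \parallel \alpha(\delta'_2))$ and by construction $\eta(\alpha(\delta'_1) \parallel \alpha(\delta'_2)) \subseteq \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$.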

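Lemma 7.6. (Lemma 4.5) Let $P$ be a program, let $H$ and $G$ be two goals and
assume that $\delta_1 \in S'_P(H)$ and $\delta_2 \in S'_P(G)$ are two sequences such that the following
hold:

(1) $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined,

(2) $\sigma = \langle c_1, K_1, W_1, d_1 \rangle \cdots \langle c_n, \emptyset, W_n, c_n \rangle \in \eta(\alpha(\delta_1) \parallel \alpha(\delta_2))$,

(3) $(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma) = \emptyset$,

(4) for $i \in [1,n]$, $(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(W_i)$.

Then there exists $\delta \in S'_P(H, G)$ such that $\sigma = \alpha(\delta)$.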

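Proof. In the following, given two derivations $\delta_1 \in S'_P(H)$ and $\delta_2 \in S'_P(G)$, which
verify the previous conditions, we construct by induction on $l = length(\sigma)$ a
derivation $\delta \in S'_P(H, G)$ such that $V_{loc}(\delta) \subseteq V_{loc}(\delta_1) \cup V_{loc}(\delta_2)$ and $\sigma = \alpha(\delta)$.

($l = 1$). In this case $\delta_1 = \langle H, c, \emptyset, H, c \rangle$, $\delta_2 = \langle G, c, \emptyset, G, c \rangle$, $\alpha(\delta_1) = \langle c, \emptyset, H, c \rangle$,
$\alpha(\delta_2) = \langle c, \emptyset, G, c \rangle$, $\sigma = \langle c, \emptyset, (H, G), c \rangle$ and $\delta = \langle (H, G), c, \emptyset, (H, G), c \rangle$.

($l > 1$). Without loss of generality, we can assume that

$\delta_1 = t' \cdot \delta'_1$, $\delta_2 = \langle G, e_1, J_1, G_2, f_1 \rangle \cdot \delta'_2$,
$\sigma_1 = \alpha(\delta_1) = \langle c_1, L_1, N_1, d_1 \rangle \cdot \alpha(\delta'_1)$ and
$\sigma_2 = \alpha(\delta_2) = \langle e_1, J_1, M_1, f_1 \rangle \cdot \sigma'_2$,

where $t' = \langle H, c_1, L_1, H_2, d_1 \rangle$, $\delta'_1 \in S'_P(H_2)$, $\sigma \in \eta(\langle c_1, L_1, N_1 \uplus M_1, d_1 \rangle \cdot \bar{\sigma})$ and
$\bar{\sigma} \in \alpha(\delta'_1) \parallel \sigma_2$.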

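By definition of $\eta$, there exist the multisets of atoms $L'$, $L$, $L$ and the sequence
$\sigma'$ such that

$\sigma = \langle c_1, L_1 \setminus L, ((N_1 \uplus M_1) \setminus L) \setminus L', d_1 \rangle \cdot (\sigma' \setminus L')$,

where $\sigma' \in \eta(\bar{\sigma}) \subseteq \eta(\alpha(\delta'_1) \parallel \sigma_2)$, $K_1 = L_1 \setminus L$ and $W_1 = ((N_1 \uplus M_1) \setminus L) \setminus L'$. Now
the following holds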

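(1) $\alpha(\delta'_1) \parallel \alpha(\delta_2)$ is defined. By definition, we have to prove that

$(V_{loc}(\alpha(\delta'_1)) \cup Fv(H_2)) \cap (V_{loc}(\alpha(\delta_2)) \cup Fv(G)) = Fv(H_2) \cap Fv(G)$.

First of all, observe that since $V_{loc}(\alpha(\delta'_1)) \subseteq V_{loc}(\alpha(\delta_1))$ and $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is
defined, we have that $V_{loc}(\alpha(\delta'_1)) \cap (V_{loc}(\alpha(\delta_2)) \cup Fv(G)) = \emptyset$ and $(Fv(H) \cup V_{loc}(\alpha(\delta_1))) \cap V_{loc}(\alpha(\delta_2)) = \emptyset$.

Now, observe that by definition of derivation, $Fv(H_2) \subseteq Fv(H) \cup V_{loc}(\alpha(\delta_1))$.
Therefore, by previous observations, $Fv(H_2) \cap V_{loc}(\alpha(\delta_2)) = \emptyset$ and then the
thesis.

(2) $\sigma' = \langle c_2, K_2, W_2 \uplus L', d_2 \rangle \cdots \langle c_n, \emptyset, W_n \uplus L', c_n \rangle \in \eta(\alpha(\delta'_1) \parallel \alpha(\delta_2))$. The proof
is straightforward, by definition of $\parallel$.

(3) By definition, by the hypothesis and by Lemma 4.3 we have that

$(V_{loc}(\alpha(\delta'_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma') = \emptyset$.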

(4) For $i \in [2,n]$,

$(V_{loc}(\alpha(\delta'_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=2}^{i-1} Fv(d_j) \cup Fv(W_i \uplus L')$.

To prove this statement observe that by hypothesis and by Lemma 4.3 for
$i \in [2,n]$,

$$(V_{loc}(\alpha(\delta'_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq (V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup Fv(W_i). \qquad (15)$$

Let $i \in [2,n]$, such that there exists $x \in (V_{loc}(\alpha(\delta'_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \cap Fv(d_1)$. We have to prove that $x \in Fv(W_i)$ and then the thesis.
First of all, observe that since $x \in Fv(d_1)$, by definition of derivation, we have
that $x \notin V_{loc}(\alpha(\delta'_1))$ and therefore $x \in V_{loc}(\alpha(\delta_2)) \cap Fv(c_i) \cap Fv(d_1)$.
Moreover, since by hypothesis $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined, we have that $x \notin Fv(H) \cup V_{loc}(t')$. Therefore, since $x \in Fv(d_1)$ and by definition of derivation,
we have that $x \in Fv(L_1) \cup Fv(c_1)$. Now we have two possibilities
— $x \in Fv(c_1)$. In this case, since $x \in V_{loc}(\alpha(\delta_2))$ and by point 4 of the hypothesis,
we have that $x \in Fv(W_i)$.
— $x \in Fv(L_1)$. In this case there exists $A \in L_1$ such that $x \in Fv(A)$. Since by
hypothesis $(V_{loc}(\alpha(\delta_1)) \cup V_{loc}(\alpha(\delta_2))) \cap V_{ass}(\sigma) = \emptyset$, we have that $A \notin Ass(\sigma)$
(i.e. $A \notin K_1$) and therefore, by definition of $\parallel$, there exists $A' \in G$ such
that $CT \models c_1 \wedge A \leftrightarrow c_1 \wedge A'$. Note that, since $x \in V_{loc}(\alpha(\delta_2))$, we have
that $x \notin Fv(G) \supseteq Fv(A')$. Then $x \in Fv(c_1)$ and then analogously to the
previous case, $x \in Fv(W_i)$.
Then, by

$(V_{loc}(\alpha(\delta'_1)) \cup V_{loc}(\alpha(\delta_2))) \cap Fv(c_i) \subseteq \bigcup_{j=2}^{i-1} Fv(d_j) \cup Fv(W_i)$
and then the thesis.

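By previous results and by inductive hypothesis, we have that there exists $\bar{\delta} \in S'_P(H_2, G)$ such that $V_{loc}(\bar{\delta}) \subseteq V_{loc}(\delta'_1) \cup V_{loc}(\delta_2)$ and $\sigma' = \alpha(\bar{\delta})$. Moreover by
definition of $\eta$, $L' \subseteq (H_2, G)$ is a multiset of atoms which are stable in $\bar{\delta}$. Then
$\delta' = \bar{\delta} \ominus L' \in S'_P(B)$, where the goal $B$ is obtained from the goal $(H_2, G)$ by deleting
the atoms in $L'$. By construction

$$V_{loc}(\delta') = V_{loc}(\bar{\delta}) \text{ and } V_{ass}(\delta') = V_{ass}(\bar{\delta}). \qquad (16)$$

Now observe that since $t' = \langle H, c_1, L_1, H_2, d_1 \rangle$ represents a derivation step for $H$,
we have that $t = \langle (H, G), c_1, K_1, B, d_1 \rangle$ represents a derivation step for $(H, G)$. Let
us denote by $\delta$ the sequence $t \cdot \delta'$.
Then, to prove the thesis, we have to prove that $V_{loc}(\delta) \subseteq V_{loc}(\delta_1) \cup V_{loc}(\delta_2)$, $t$ is
compatible with $\delta'$ (and therefore $\delta \in S'_P(H, G)$) and $\sigma = \alpha(\delta)$.

($V_{loc}(\delta) \subseteq V_{loc}(\delta_1) \cup V_{loc}(\delta_2)$).

$$\begin{array}{ll}
V_{loc}(\delta) = & \text{(by construction)} \\
V_{loc}(t) \cup V_{loc}(\delta') = & \text{(by (16))} \\
V_{loc}(t') \cup V_{loc}(\bar{\delta}) \subseteq & \text{(by inductive hypothesis)} \\
V_{loc}(t') \cup V_{loc}(\delta'_1) \cup V_{loc}(\delta_2) = & \text{(by construction)} \\
V_{loc}(\delta_1) \cup V_{loc}(\delta_2) &
\end{array}$$

and then the thesis.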

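($t$ is compatible with $\delta'$). The following holds.

(1) $CT \models instore(\delta') \rightarrow d_1$. The proof is straightforward, since by construction
either $instore(\delta') = instore(\delta'_1)$ or $instore(\delta') = instore(\delta_2)$.

(2) $V_{loc}(\delta') \cap Fv(t) = \emptyset$. By construction, (16) and by inductive hypothesis

$$V_{loc}(t) = V_{loc}(t'), \quad Fv(t) = Fv(t') \cup Fv(G) \quad \text{and} \quad V_{loc}(\delta') \subseteq V_{loc}(\delta'_1) \cup V_{loc}(\delta_2). \qquad (17)$$

By definition of derivation and since $\alpha(\delta'_1) \parallel \alpha(\delta_2)$ is defined, we have that
$V_{loc}(\delta'_1) \cap (Fv(t') \cup Fv(G)) = \emptyset$ and therefore by the second statement in (17)

$$V_{loc}(\delta'_1) \cap Fv(t) = \emptyset. \qquad (18)$$

By point 3 of the hypothesis $Fv(K_1) \cap V_{loc}(\delta_2) = \emptyset$. Moreover, since by definition
of $\alpha$ and $\parallel$, $W_1 \subseteq (H, G)$, we have that

$$\begin{array}{ll}
Fv(c_1) \cap V_{loc}(\delta_2) \subseteq & \text{(by point 4 of the hypothesis)} \\
Fv(W_1) \cap V_{loc}(\delta_2) \subseteq & \text{(by the previous observation)} \\
Fv(H, G) \cap V_{loc}(\delta_2) = & \text{(by definition of derivation and since } \alpha(\delta_1) \parallel \alpha(\delta_2) \text{ is defined)} \\
\emptyset. &
\end{array}$$

Finally, since $\alpha(\delta_1) \parallel \alpha(\delta_2)$ is defined we have that $(Fv(H) \cup V_{loc}(t')) \cap V_{loc}(\delta_2) = \emptyset$. Then by definition and by (17)

$$Fv(t) \cap V_{loc}(\delta_2) = (Fv(c_1, H, K_1) \cup V_{loc}(t')) \cap V_{loc}(\delta_2) = \emptyset. \qquad (19)$$

Then

$$\begin{array}{ll}
V_{loc}(\delta') \cap Fv(t) \subseteq & \text{(by the last statement in (17))} \\
(V_{loc}(\delta'_1) \cup V_{loc}(\delta_2)) \cap Fv(t) \subseteq & \text{(by (18))} \\
V_{loc}(\delta_2) \cap Fv(t) = & \text{(by (19))} \\
\emptyset. &
\end{array}$$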

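(3) $V_{loc}(t) \cap V_{ass}(\delta') = \emptyset$. The proof is immediate by the second statement of
(16), since $\sigma' = \alpha(\bar{\delta})$, $V_{ass}(\sigma') \subseteq V_{ass}(\sigma)$, by the first statement in (17), since
$V_{loc}(t') \subseteq V_{loc}(\delta_1)$ and by point 3 of the hypothesis.

(4) for $i \in [2,n]$, $V_{loc}(t) \cap Fv(c_i) \subseteq \bigcup_{j=1}^{i-1} Fv(d_j) \cup V_{stable}(\delta')$. By construction, since
$\delta' = \bar{\delta} \ominus L'$, $\sigma' = \alpha(\bar{\delta})$ and $Stable(\sigma') = W_n \uplus L'$, we have that $Stable(\delta') = W_n$.
Then the proof is immediate by observing that $V_{loc}(t) = V_{loc}(t') \subseteq V_{loc}(\delta_1)$, for
$i \in [2,n]$, $W_i \subseteq W_n$ and by point 4 of the hypothesis.

($\sigma = \alpha(\delta)$). By inductive hypothesis $\sigma' = \alpha(\bar{\delta})$ and then by construction
$\sigma' \setminus L' = \alpha(\delta')$. Then

$\sigma = \langle c_1, K_1, W_1, d_1 \rangle \cdot (\sigma' \setminus L') = \langle c_1, K_1, W_1, d_1 \rangle \cdot \alpha(\delta') = \alpha(\delta)$,
where the last equality follows by observing that $\delta = t \cdot \delta'$, where

$t = \langle (H, G), c_1, K_1, B, d_1 \rangle$
and $W_1$ is the multiset of all the atoms in $(H, G)$, which are stable in $\delta$.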



